Read Time:26 Second
Posted by Matthew Fernandez on Sep 19
What is the security boundary being violated here? As a maintainer of
some of the packages implicated here, I’m unsure what my actionable
tasks are. The threat model(s) for my packages does not consider crashes
to be a security violation. On the other side, things like crypto code
frequently use their own non-GMP implementation of bignum arith for this
(and other) reason.
Not trying to brush this off. But I’m just trying to gain an…
More Stories
USN-6992-2: Firefox regressions
USN-6992-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the...